FYI...

Shockwave Player vuln - update v11.5.0.600 available
- http://www.adobe.com/support/security/bull.../apsb09-08.html
June 23, 2009 - "A critical vulnerability has been identified in Adobe Shockwave Player 11.5.0.596 and earlier versions. This vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected system... To resolve this issue, Shockwave Player users on Windows should -uninstall- Shockwave version 11.5.0.596 and earlier on their systems, restart, and install Shockwave version 11.5.0.600, available here: http://get.adobe.com/shockwave/ . This issue is remotely exploitable..."

- http://voices.washingtonpost.com/securityf...x_for_adob.html
June 25, 2009 - "...Readers should be aware that by default this patch will also try to install Symantec's Norton Security Scan, a clever marketing tool by Symantec that checks to see if you have malware on your system and then prompts you to buy their software to remove any found items. I find the bundling of a serious security update with this otherwise useless tool annoying, and potentially counter-productive... did they borrow the idea from the people pushing rogue anti-virus products (or was it the other way around?) At any rate, if you don't want this extra software, be sure to deselect that option before proceeding with the update."

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-1860
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-2186

- http://secunia.com/advisories/35544/2/
Release Date: 2009-06-24
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Shockwave Player 11.x ...
Solution: Uninstall versions prior to 11.5.0.600, restart the system, and install version 11.5.0.600:
http://get.adobe.com/shockwave/

- http://www.us-cert.gov/current/#adobe_rele...e_for_shockwave
June 24, 2009



This post has been edited by AplusWebMaster: Jun 29 2009, 10:52 AM

FYI...

Adobe Shockwave v11.5.1.601 released
- http://www.adobe.com/support/security/bull.../apsb09-11.html
July 28, 2009 - "...Adobe recommends Shockwave Player users on Windows install Shockwave version 11.5.1.601, available here: http://get.adobe.com/shockwave/ .
Users who are unable to update to version 11.5.1.601 of Shockwave Player should consider installing MS09-034. As a defense-in-depth measure, this Internet Explorer security update helps mitigate known attack vectors within Internet Explorer for those components and controls, such as Shockwave Player, that have been developed with vulnerable versions of ATL as described in Microsoft Security Advisory (973882) and Microsoft Security Bulletin MS09-035... Adobe categorizes this as a critical update and recommends that users apply the update for their product installations..."

Once again ...
- http://voices.washingtonpost.com/securityf...x_for_adob.html
"... by default this patch will also try to install Symantec's Norton Security Scan, a clever marketing tool by Symantec that checks to see if you have malware on your system and then prompts you to buy their software to remove any found items. I find the bundling of a serious security update with this otherwise useless tool annoying, and potentially counter-productive... did they borrow the idea from the people pushing rogue anti-virus products (or was it the other way around?) At any rate, if you don't want this extra software, be sure to deselect that option before proceeding with the update."

- http://secunia.com/advisories/36049/2/
Release Date: 2009-07-29
Critical: Highly critical
Impact: System access, Exposure of sensitive information, Security Bypass
Where: From remote
Solution Status: Vendor Patch
Software: Shockwave Player 10.x, Shockwave Player 11.x, Shockwave Player 8.x, Shockwave Player 9.x
Solution: Update to version 11.5.1.601.
http://get.adobe.com/shockwave/
Original Advisory:
http://www.adobe.com/support/security/bull.../apsb09-11.html ...

- http://www.us-cert.gov/current/#adobe_rele...kware_player_11
updated July 31, 2009

Test site: http://www.adobe.com/shockwave/welcome/



This post has been edited by AplusWebMaster: Aug 1 2009, 08:07 AM

FYI...

Adobe Shockwave Player v11.5.2.602 released
- http://www.adobe.com/support/security/bull.../apsb09-16.html
Release date: November 3, 2009
Affected software versions: Shockwave Player 11.5.1.601 and earlier versions
Solution: Adobe recommends Shockwave Player users install Shockwave Player version 11.5.2.602 available here: http://get.adobe.com/shockwave/
Severity rating: Adobe categorizes this as a critical update and recommends that users apply the update for their product installations...
CVE number:
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-3244
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-3463
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-3464
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-3465
http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-3466
Platform: Windows and Macintosh

Once again, still ...
- http://voices.washingtonpost.com/securityf...x_for_adob.html
"... by default this patch will also try to install Symantec's Norton Security Scan, a clever marketing tool by Symantec that checks to see if you have malware on your system and then prompts you to buy their software to remove any found items. I find the bundling of a serious security update with this otherwise useless tool annoying, and potentially counter-productive... did they borrow the idea from the people pushing rogue anti-virus products (or was it the other way around?) At any rate, if you don't want this extra software, be sure to deselect that option before proceeding with the update."

Test site:
- http://www.adobe.com/shockwave/welcome/

- http://secunia.com/advisories/37214/2/
Release Date: 2009-11-04
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to version 11.5.2.602...

- http://news.techworld.com/security/3205708...ve-player-bugs/
"... installed on some 450 million PCs..."



This post has been edited by AplusWebMaster: Nov 5 2009, 01:56 PM